Threat Description

Russian New Year

Details

Summary

There is no virus by this name. However, there is a well-known security hole in Windows
and MS Excel which is known by this name.

Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

This vulnerability, related to the CALL function of Excel, allows an attacker to send
an HTML e-mail or modify a HTML web page so that when accessed, the HTML page will
automatically launch Excel and use that to run any program. This allows the attacker
to do pretty much anything he wants on the host machine.

This attack is not widespread and no real-world incidents have been reported.

The problem has been partially solved by Microsoft by releasing patch for Excel 97
(this patch will disable the CALL command completely). Excel 95 can't be protected
by this time.

Netscape and Internet Explorer can also be secured against this attack by updating
to the latest version with latest patches. This does not prevent some attacks through
HTML e-mail though.

F-Secure Anti-Virus detects Excel files with embedded harmful CALL commands and will
protect the user against this type of attack.

[By Mikko Hypponen, F-Secure]

SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis